<?php
$login =  isset($_POST['login']) ?  $_POST['login']  : '';
$pass  =  isset($_POST['pwd'])   ?  $_POST['pwd']    : '';
$tmp = new Template( 'login_form' );

if ( $login && $pass ) {
  $sql = "
      SELECT * FROM `users`
      WHERE ( `login`='::1' OR `mail`='::1' )
        AND `password`='::2'";
  $res = db::q( $sql, $login, sha1($pass));
  if ( $u = $res->assoc() ) {
    $t = time();
    $hash = sha1( $pass.$t );
    $sql = "
        INSERT INTO `login`
        ( `uid`, `date`, `ip`, `ip_check`, `hash` )
        VALUES
        ( '::1', '::2', '::3', '::4', '::5' )";
    db::q( $sql, $u['id'], $t, $_SERVER['REMOTE_ADDR'], isset($_POST['ip'])?1:0, $hash );
//    if ( page::$ajax ) {
//      echo $u['id'],' ',$hash;
//    } else {
      setcookie( 'auth',  $hash,     time()+60*60*24*600, '/' );
      setcookie( 'id',    $u['id'],  time()+60*60*24*600, '/' );
      page::redirect( urldecode( $_GET['redirect'] ) );
   // }
  } else {
//    if ( page::$ajax ) {
//      echo 'Error';
//    } else {
      $tmp->assign( 'message', "Incorrect login or password.");
    //}
  }
}
page::$html = $tmp;
?>